CVE-2024-41357

Name of the Vulnerable Software and Affected Versions phpipam version 1.6

Description The issue is related to a lack of protection for the web page structure in the phpipam web application for IP address management. This can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is specifically found in the /app/admin/powerDNS/record-edit.php endpoint.

Recommendations For phpipam version 1.6, as a temporary workaround, consider restricting access to the /app/admin/powerDNS/record-edit.php endpoint until a patch is available. Additionally, avoid using any user-inputted data in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.